New FIDO Alliance Design Guidelines: Key takeaways for passkeys and a phishing-resistant user future

The FIDO Alliance is an open industry association launched in 2013 whose mission is to develop and promote authentication standards that help reduce the world’s over-reliance on passwords. Yubico has pioneered the development of FIDO authentication standards that the FIDO Alliance has adopted, working to make the internet safer for all. First published in 2022, the FIDO Alliance Design Guidelines offer data-backed recommendations for designers, engineers, product managers, content strategists, and UX researchers to guide the implementation and expansion of passkey support.

In late May, the alliance released significant updates which include research on passkey management and integrating different passkey types, like synced and device-bound passkeys. Research shows that prominently displaying passkey options within user account settings, alongside other authentication methods, and maintaining consistent styling across platforms with clear messaging effectively motivates users to create and use various passkey types. This approach maximizes adoption as users are more receptive to security actions.

The guidelines emphasize offering a choice between synced and device-bound passkeys (e.g., FIDO security keys like YubiKeys) for flexibility and enhanced security. A unified passkey management UI under “Passkeys” simplifies user interaction.

The guidelines also align with the long-term direction of passkeys. Highlights from additional FIDO research in 2024 show consumer passkey awareness and adoption are on the rise. A majority believe passkeys are more secure (61%) and more convenient than passwords (58%).

Phishing-resistant users: The future of passwordless security

Cybersecurity is designed by people, for people, and can be exploited by people. This is where the concept of a phishing-resistant user comes into focus – it is central in modern cybersecurity, focusing on the human element. With recent advancements in passwordless – and new on-device authentication solutions – the way an organization can establish and manage a user’s identity credential throughout its lifecycle has evolved to address these increasing challenges. In order to truly prevent phishing attacks, organizations must do more than just invest in phishing-resistant authentication – they must instead focus on enabling phishing-resistant users through modern authentication technology.

With awareness of passkeys as a phishing-resistant authentication method on the rise, the focus naturally shifts to the people actually using the technology. As modern and affordable devices proliferate, individuals use personal devices for work emails and work devices for personal tasks. For example, people often possess multiple devices (smartphones, laptops, tablets) across different platforms (Apple, Google, Microsoft) between personal and professional use.

Combining all passkey types in the same interface makes it quick and intuitive to register on a primary device. With research showing that changing behavior requires understanding and motivation, educating users about passkeys within settings can shape attitudes and encourage registration. People need to comprehend and apply advice and must be willing to change their attitudes and intentions. Introducing passkeys in relevant settings helps users adopt them, providing context and increasing engagement.

The YubiKey offers high assurance, high security and convenience: as a single-device passkey (device-bound), you simply plug in your YubiKey and enter a PIN and touch to authenticate — even if you registered on a different device or platform. Your cyber resilience starts with the YubiKey for robust and accessible cybersecurity that delivers phishing-resistant users.

For more information on the new FIDO Alliance Design Guidelines, visit their website here. Ensure the highest security and convenience for your digital accounts with YubiKey and become a phishing-resistant user today – it’s never been easier, with the ability to store up to 100 passkey credentials with the latest YubiKey updates. Visit our store for more information and to purchase keys for your organization.

Talk to our teamTalk to our team

Share this article:


  • Works with YubiKey Spotlight: Passkeys are here – are you ready?With 2025 at its midpoint, enterprises worldwide are grappling with how to protect their users and data against emerging challenges around user security. Since 2022, generative AI has fueled a 4,000% surge in phishing – exploiting human vulnerability in 68% of breaches. It’s no longer a question – the world has a password problem that […]Read morepartnerspasskeysWorks with YubiKeywwyk
  • Yubico LogoYubico liefert PIN-Verbesserungen mit dem neuen YubiKey 5 – Verbesserte PIN-SchlüsselUm sich auf die sich ständig weiterentwickelnden Cyber-Bedrohungen vorzubereiten, passen Regierungen weltweit die Authentifizierungsanforderungen für Online-Dienste an und aktualisieren sie, was direkte Auswirkungen auf viele Unternehmen und deren Mitarbeiter hat. Zwar gibt es derzeit keine universelle Regelung für eine robustere Multi-Faktor-Authentifizierung (MFA), doch wird deren Notwendigkeit in einer Reihe von Anforderungen hervorgehoben, darunter PSD2, DSGVO […]Read moreYubiKey
  • Yubico delivers PIN advancements with new YubiKey 5 – Enhanced PIN keysTo prepare for continuously evolving cyber threats, governments around the world are adapting and updating authentication requirements for online services which directly impact thousands of organizations and their employees. While there’s currently no universal regulation for more robust multi-factor authentication (MFA), the need is highlighted across a range of requirements including PSD2, GDPR, and the […]Read moreCompany NewsProduct NewsYubiKeyYubiKey 5 – Enhanced PINYubiKey 5 SeriesYubiKey as a Service
  • An inside look at Yubico’s transition to passwordlessBefore “passkey” became a familiar term in our industry, Yubico had long delivered hardware-backed and phishing-resistant FIDO2 based authentication. Today, the adoption of passkey usage is accelerating. However, it’s taken quite a bit longer to integrate passwordless authentication into the everyday, enterprise-grade authentication flows that are required for today’s businesses.  As long as it’s been […]Read moreOktapasswordless